CompTIA Security+ SY0-701 Exam Cram
Paperback, English, 2024
399 kr
CompTIA Security+ SY0-701 Exam Cram is an all-inclusive study guide designed to help you pass the updated version of the CompTIA Security+ exam. Prepare for test day success with complete coverage of exam objectives and topics, plus hundreds of realistic practice questions. Extensive prep tools include quizzes, Exam Alerts, and our essential last-minute review Cram Sheet. The powerful Pearson Test Prep practice software provides real-time assessment and feedback with two complete exams.
This edition comes with a Pearson Test Prep Practice Test access code that is delivered upon product registration. Follow the instructions in the book's introduction to register your product.
Covers the critical information needed to score higher on your Security+ SY0-701 exam!
- General security concepts
- Threats, vulnerabilities, and mitigations
- Security architecture
- Security operations
- Security program management and oversight
Prepare for your exam with Pearson Test Prep
- Realistic practice questions and answers
- Comprehensive reporting and feedback
- Customized testing in study, practice exam, or flash card modes
- Complete coverage of CompTIA Security+ SY0-701 exam objectives
Product information
- Publication date: 2024-09-02
- Dimensions: 234 x 313 x 35 mm
- Weight: 1 016 g
- Format: Paperback
- Language: English
- Series: Exam Cram
- Number of pages: 688
- Edition: 7
- Publisher: Pearson Education
- ISBN: 9780138225575
Robert Shimonski, CASP+, CySA+, PenTest+, Security+, is a technology executive specializing in healthcare IT for one of the largest health systems in America. In his current role, Rob is responsible for bringing operational support and incident response into the future with the help of new technologies such as cloud and artificial intelligence. His current focus is on deploying securely to the cloud (Azure, AWS, and Google), DevOps, DevSecOps, and AIOps. Rob spent many years in the technology “trenches,” handling networking and security architecture, design, engineering, testing, and development efforts for global projects. A go-to person for all things security related, Rob has been a major force in deploying security-related systems for 25+ years. Rob also worked for various companies reviewing and developing security curriculum as well as other security-related books, technical articles, and publications based on technology deployment, testing, hacking, pen testing, and many other aspects of security. Rob holds dozens of technology certifications, including 20+ CompTIA certifications, SANS.org GIAC, GSEC, and GCIH, as well as many vendor-based cloud-specialized certifications from Google, Microsoft Azure, and Amazon AWS. Rob is considered a leading expert in prepping others to achieve certification success.
Marty M. Weiss has spent his career serving in the U.S. Navy and as a civilian helping large organizations with their information security. He has a Bachelor of Science degree in computer studies from the University of Maryland Global Campus and an MBA from the Isenberg School of Management at the University of Massachusetts Amherst. He also holds several certifications, including CISSP, CISA, and Security+. Having authored numerous acclaimed books on information technology and security, he is now diving into his next endeavor—a seductive romance novel where love and cybersecurity collide in a high-stakes adventure.
- Introduction

Part 1: General Security Concepts
- CHAPTER 1: Security Controls
  - Nature of Controls
  - Functional Use of Controls
  - What Next?
- CHAPTER 2: Fundamental Security Concepts
  - Confidentiality, Integrity, and Availability (CIA)
  - Non-Repudiation
  - Authentication, Authorization, and Accounting (AAA)
  - Gap Analysis
  - Zero Trust
  - Physical Security
  - Video Surveillance
  - Deception and Disruption Technology
  - What Next?
- CHAPTER 3: Change Management Processes and the Impact to Security
  - Change Management
  - Business Processes Impacting Security Operations
  - Technical Implications
  - Documentation
  - Version Control
  - What Next?
- CHAPTER 4: Cryptographic Solutions
  - Public Key Infrastructure (PKI)
  - Encryption
  - Tools
  - What Next?

Part 2: Threats, Vulnerabilities, and Mitigations
- CHAPTER 5: Threat Actors and Motivations
  - Threat Actors
  - Motivations
  - What Next?
- CHAPTER 6: Threat Vectors and Attack Surfaces
  - Types of Threat Vectors and Attack Surfaces
  - What Next?
- CHAPTER 7: Vulnerability Types
  - Application
  - Operating System-Based
  - Web-Based
  - Hardware
  - Virtualization
  - Cloud-Specific
  - Supply Chain
  - Cryptographic
  - Misconfiguration
  - Mobile Device
  - Zero-Day
  - What Next?
- CHAPTER 8: Malicious Attacks and Indicators
  - Malware Attacks
  - Physical Attacks
  - Network Attacks
  - Application Attacks
  - Cryptographic Attacks
  - Password Attacks
  - Indicators of Malicious Activity
  - What Next?
- CHAPTER 9: Mitigation Techniques for Securing the Enterprise
  - Segmentation
  - Access Control
  - Application Allow List
  - Isolation
  - Patching
  - What Next?

Part 3: Security Architecture
- CHAPTER 10: Security Implications of Architecture Models
  - Architecture and Infrastructure Concepts
  - Considerations
  - What Next?
- CHAPTER 11: Enterprise Architecture Security Principles
  - Infrastructure Considerations
  - Secure Communication/Access
  - Selection of Effective Controls
  - What Next?
- CHAPTER 12: Data Protection Strategies
  - Data Types
  - Data Classifications
  - General Data Considerations
  - Methods to Secure Data
  - What Next?
- CHAPTER 13: Resilience and Recovery in Security Architecture
  - High Availability
  - Site Considerations
  - Platform Diversity
  - Multicloud Systems
  - Continuity of Operations
  - Capacity Planning
  - Testing
  - Backups
  - Power
  - What Next?

Part 4: Security Operations
- CHAPTER 14: Securing Resources
  - Secure Baselines
  - Hardening Targets
  - Wireless Devices
  - Mobile Solutions
  - Wireless Security Settings
  - Application Security
  - Sandboxing
  - Monitoring
  - What Next?
- CHAPTER 15: Hardware, Software, and Data Asset Management
  - Acquisition/Procurement Process
  - Assignment/Accounting
  - Monitoring and Asset Tracking
  - Disposal/Decommissioning
  - What Next?
- CHAPTER 16: Vulnerability Management
  - Identification Methods
  - Analysis
  - Vulnerability Response and Remediation
  - Validation of Remediation
  - Reporting
  - What Next?
- CHAPTER 17: Security Alerting and Monitoring
  - Monitoring Computing Resources
  - Activities
  - Tools
  - What Next?
- CHAPTER 18: Enterprise Security Capabilities
  - Firewall
  - IDS/IPS
  - Web Filter
  - Operating System Security
  - Implementation of Secure Protocols
  - DNS Filtering
  - Email Security
  - File Integrity Monitoring
  - Data Loss Prevention (DLP)
  - Network Access Control (NAC)
  - Endpoint Detection and Response (EDR)/Extended Detection and Response (XDR)
  - User Behavior Analytics
  - What Next?
- CHAPTER 19: Identity and Access Management
  - Provisioning/De-provisioning User Accounts
  - Permission Assignments and Implications
  - Identity Proofing
  - Federation and Single Sign-On (SSO)
  - Interoperability
  - Attestation
  - Access Controls
  - Multifactor Authentication (MFA)
  - Password Concepts
  - Privileged Access Management Tools
  - What Next?
- CHAPTER 20: Security Automation and Orchestration
  - Use Cases of Automation and Scripting
  - Benefits
  - Other Considerations
  - What Next?
- CHAPTER 21: Incident Response Activities
  - Incident Response Process
  - Training and Testing
  - Root Cause Analysis (RCA)
  - Threat Hunting
  - Digital Forensics
  - What Next?
- CHAPTER 22: Data Sources for Supporting Investigations
  - Log Data
  - Data Sources
  - What Next?

Part 5: Security Program Management and Oversight
- CHAPTER 23: Effective Security Governance
  - Governing Framework
  - Policies
  - Standards
  - Procedures
  - Guidelines
  - External Considerations
  - Roles and Responsibilities for Systems and Data
  - What Next?
- CHAPTER 24: Risk Management
  - Risk Identification
  - Risk Assessment
  - Risk Analysis
  - Risk Register
  - Risk Appetite and Tolerance
  - Risk Management Strategies
  - Risk Reporting
  - Business Impact Analysis
  - What Next?
- CHAPTER 25: Third-Party Risk Assessment and Management
  - Third-Party Risk Management
  - What Next?
- CHAPTER 26: Security Compliance
  - Compliance Reporting and Monitoring
  - Privacy
  - What Next?
- CHAPTER 27: Security Audits and Assessments
  - Audits and Assessments
  - Penetration Testing
  - What Next?
- CHAPTER 28: Security Awareness Practices
  - Security Awareness
  - What Next?

- Glossary of Essential Terms
- Cram Sheet